minor fixing

Author: Leobouloc

CHANGELOG.md

@@ -57,8 +57,9 @@ have an authority field matching that of the user
   control by user scopes
 - Backends: Replace reference to a JSON column in ClickHouse with 
   function calls on the String column [BC]
-- API: Variable `RUNSERVER_AUTH_BACKEND` becomes `RUNSERVER_AUTH_BACKENDS`, and
-  multiple authentication methods are supported simultaneously
+- API: Variable `RALPH_RUNSERVER_AUTH_BACKEND` becomes
+  `RALPH_RUNSERVER_AUTH_BACKENDS`, and multiple authentication methods are
+  supported simultaneously
 
 ### Fixed
 

docs/api.md

@@ -109,7 +109,7 @@ $ curl --user [email protected]:PASSWORD http://localhost:8100/whoami
 Ralph LRS API server supports OpenID Connect (OIDC) on top of OAuth 2.0 for authentication and authorization.
 
 
-To enable OIDC auth, you should modify the `RALPH_RUNSERVER_AUTH_BACKENDS` environment variable by adding (or replacing) `oidc`:
+To enable OIDC auth, you should modify the `RALPH_RUNSERVER_AUTH_BACKENDS` environment variable by adding (or replacing by) `oidc`:
 ```bash
 RALPH_RUNSERVER_AUTH_BACKENDS=basic,oidc
 ```

src/ralph/api/auth/__init__.py

@@ -1,28 +1,31 @@
 """Main module for Ralph's LRS API authentication."""
 
+from typing import Annotated
+
 from fastapi import Depends, HTTPException, status
 from fastapi.security import SecurityScopes
 
+from ralph.api.auth.basic import AuthenticatedUser
 from ralph.api.auth.basic import get_basic_auth_user
 from ralph.api.auth.oidc import get_oidc_user
 from ralph.conf import AuthBackend, settings
 
 
 def get_authenticated_user(
     security_scopes: SecurityScopes = SecurityScopes([]),
-    basic_auth_user=Depends(get_basic_auth_user),
-    oidc_auth_user=Depends(get_oidc_user),
-):
+    basic_auth_user: Optional[AuthenticatedUser]=Depends(get_basic_auth_user),
+    oidc_auth_user: Optional[AuthenticatedUser]=Depends(get_oidc_user),
+) -> AuthenticatedUser:
     """Authenticate user with any allowed method, using credentials in the header."""
     if AuthBackend.BASIC not in settings.RUNSERVER_AUTH_BACKENDS:
         basic_auth_user = None
     if AuthBackend.OIDC not in settings.RUNSERVER_AUTH_BACKENDS:
         oidc_auth_user = None
 
-    if basic_auth_user is not None:
+    if basic_auth_user:
         user = basic_auth_user
         auth_method = "Basic"
-    elif oidc_auth_user is not None:
+    elif oidc_auth_user:
         user = oidc_auth_user
         auth_method = "Bearer"
     else:

src/ralph/api/auth/oidc.py

@@ -66,7 +66,7 @@ def discover_provider(base_url: AnyUrl) -> Dict:
         )
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Could not validate credentials ABU",
+            detail="Could not validate credentials", # TODO: this is not tested
             headers={"WWW-Authenticate": "Bearer"},
         ) from exc
 
@@ -88,7 +88,7 @@ def get_public_keys(jwks_uri: AnyUrl) -> Dict:
         )
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Could not validate credentials ABA",
+            detail="Could not validate credentials", # TODO: this is not tested
             headers={"WWW-Authenticate": "Bearer"},
         ) from exc
 

src/ralph/conf.py

@@ -145,7 +145,7 @@ class AuthBackends(str):
 
     @classmethod
     def __get_validators__(cls):  # noqa: D105
-        """Checks whether the value is a comma separated string or a tuple representing
+        """Check whether the value is a comma separated string or a tuple representing
         an AuthBackend."""
 
         def validate(

tests/test_conf.py

@@ -9,11 +9,6 @@
 from ralph.conf import CommaSeparatedTuple, Settings, settings
 from ralph.exceptions import ConfigurationException
 
-# import os
-# def test_env_dist(fs, monkeypatch):
-#     fs.create_file(".env", contents=os.read("../.env.dist"))
-#     Settings()
-
 
 def test_conf_settings_field_value_priority(fs, monkeypatch):
     """Test that the Settings object field values are defined in the following